UK sets out open banking API framework

09 February 2016

The UK government has thrown its weight behind a report calling for the creation of an open banking standard that makes it easy to share and use financial data, arguing that the move would improve choice for customers, promote competition and stimulate innovation.

Having promised to work with banks and fintech firms on a detailed framework for an open API standard, in November the government set up the Open Banking Working Group (OBWG), giving it a remit to explore how data could be used to help people to transact, save, borrow, lend and invest their money.

Reporting back, the OBWG says that bank data, including information about products and services, should be made available as open data so that services, such as comparison tools, can be built, allowing customers to get more out of their financial relationships.

In addition, an open API should be created to enable services to be built using bank and customer data. This includes open data about products and services but also shared data about bank transactions that individuals or businesses can choose to share themselves through secure and controlled means.

By making it easier to compare products and services, the working group says the move will help people tailor a suit to their individual needs and make significant savings. Just switching overdraft facilities could save people an average of £140 a year, according to CMA research.

OBWG co-chair and Barclays executive Matt Hammerstein says: "Banking as a service has long sat at the heart of our economy. In our digitally enabled world, the need to seamlessly and efficiently connect different economic agents who are buying and selling goods and services is critical. The Open Banking Standard is a framework for making banking data work better: for customers; for businesses; and for the economy as a whole."

Responsibility for the project now rests with the Open Banking Implementation Entity. The report calls for a "minimum viable product" for an open banking API to be launched towards the end of the year, with personal customer transaction data included on a read-only basis at the beginning of 2018, and the full scope, including business, customer and transactional data, reached by 2019.

Commenting on the report for the government, Economic Secretary Harriett Baldwin welcomed the framework, praising not only its ability to benefit customers and businesses but also its potential to "provide fintechs with a globally unrivalled opportunity for innovation in the UK".

Speaking for the industry, BBA chief executive Anthony Browne also backed the plan, saying: "The UK has the potential to be a world leader in the way we use data to help drive competition and innovation in the banking sector, which will give customers more choice and help them save money."

Whilst all initiatives like this are a step forward, the unhealthy market control of the 4 dominant retail banks, who will always strive to continue to retain 92% of the market, will hamper (or obstruct?) the real structural changes that are required.

A big step forward in the banking and payments industry which extends the scope way past PSD2 and will no doubt drive significant innovation. I'm sure there will be many FinTechs out there looking to become regulated entities (e.g. PISPs and/or AISPs) to take advantage of the opportunity presented by the open banking API framework.

We think that this could only work if the client were in control of what data can be distributed, which is far from the situation at present. To be followed with caution as far as we are concerned! MFTSE Affairs S.A.

We think this adds good support to the industry and we fully support creating standards in our work with technical back offices for digital finance applications. The fact is that the new online finance applications need new models that are up to date and can't rely on outdated legacy infrastructure already in place which was never intended outside publicly traded transactions.

@CliveMunn + 1. I for one wouldn't want my bank to throw up its hands and blame the regulator in the event that I have to complain to it about shady transactions happening on my bank account.

On another note, this has nothing to do with legacy landscape. If mainframes are good for one thing, it is to handle extremely high volume online transaction processing. Same doubts were expressed about legacy when Internet Banking, Faster Payments, Mobile Banking etc. came into the picture. They survived the increased workload from all of them; they will survive the increased workload arising from third party API calls as a result of this regulation. A fairly common root cause for many banking system failures has been goof-ups during updates, not lack of horsepower. As counterproof, there's virtually no legacy in Indian banking landscape, still the success rate of online payments is abysmally poor, thanks in part to the increased workload posed by 2FA mandate.

This should address the full picture - how ISO20022 account statements, PSD2 payments, e-invoicing and POS-payments create the same structured data and take them - line by line - into SME- and private customer automated accounting and cash flow estimates. The fast way being a swarm of apps with single sign-on from e-banking.

This must be the way to go, now that PSD2 is here. Have a bank common standard (e.g. ISO 20022 based) interface, and central testing framework for TPPs and PSPs, to minimise work for all. There needs to be a clear framework as well for what consent the data owner (account holder) must give, and how that is handled, in addition to a clear delineation of the steps by which increasing amounts of data are shared, i.e. only balance on account, reserving amounts in case of delayed booking, selected transaction history, CT initiation for predefined amount to select beneficiaries, approval of beneficiaries, etc. A similar continental European initiative ought to be launched.

As I said before here in Luxembourg, I think it would be true to say that we are more concerned about the security of our identity and privacy across the internet and that this situation must be resolved first. This we are working on and I believe it is very important for Europe (the UK included)!!

Agree with Roger. In our cutting-admin-burden-in-half and get-all-financials-to-realtime work - linking the e-invoice data to the respective debit or credit automates accounting for the SMEs right away. So this should be included.

Denis Wicking - F C Consultants - Stowmarket | 07 March, 2016, 09:44
Some of the comments confuse legacy or heritage core banking systems (which sit in the middle and do the daily grind of interest and charges) and the wide range of systems that sit around them to process our web interaction, provide the security layers, interface to payment systems etc. Strangely it is these newer systems that are the constraints to change. Security is going to be the key challenge for many of the proposals. I authenticate myself to my bank to transact on line; as soon as I allow another party to access my account, the bank must prove that I have allowed that third party access on my behalf - it is a bit like handing a bunch of signed blank checks over and saying "only use one when I tell you". All this at a time when sophisticated criminals are exploiting web interface loopholes.

Especially the part about the challenge in controlling access to only when the user wants it. Added to that is the challenge in controlling access to for what the user wants it. From my experience with many web / mobile services / apps that seek access to one another or social network credentials, this can turn into a major nuisance very soon.

I want to give access for one purpose for one time but, because of the obfuscatory language on the ensuing permissions screen, I inadvertently end up giving access to more purposes and forever.

Over time, it's impossible to keep a track of whom I've given what access to.

Assuming I figure out a way of doing that, it's not easy to locate the feature for disabling access.

This is not a big deal when all these services are doing is relatively harmless stuff like detecting a new post on my blog and posting a link to it on my Twitter account. But, when it comes to banking info, the consequences of such behavior by these services / apps can be dire.